Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for WAN (wide area network) optimization for a WAN that connects a first site that sends a data stream to a second site, the method comprising: at a gateway router deployed to a public cloud, receiving (i) a public evaluation key from a destination device of the data stream at the second site and (ii) an encrypted file from the first site to be sent in the data stream to the second site; without decrypting the encrypted file, using the received public evaluation key (i) to compute a set of encrypted indices for the encrypted file, (ii) to derive a set of encrypted segments from the encrypted file, and (iii) to perform a set of WAN optimization operations on the set of encrypted segments to generate an optimized encrypted file; and forwarding the optimized encrypted file in the data stream to the second site.
2. The method of claim 1, wherein receiving the encrypted file from the first site comprises receiving the encrypted file from a source device of the data stream at the first site, wherein the gateway router is a next hop between the source device of the encrypted data stream and the second site.
3. The method of claim 1, wherein using the received public evaluation key to derive the set of encrypted segments further comprises using the computed set of encrypted indices and the public evaluation key to derive the optimized set of encrypted segments.
4. The method of claim 3 further comprising using the computed set of encrypted indices, the public evaluation key, and the derived set of encrypted segments to compute a set of digests corresponding to the derived set of encrypted segments.
5. The method of claim 4, wherein the set of digests comprises a set of segment identifiers corresponding to the set of encrypted segments.
6. The method of claim 1, wherein the set of WAN optimization operations comprises a TRE (traffic redundancy elimination) operation and a compression operation.
7. The method of claim 6, wherein the TRE operation comprises (i) identifying a set of redundant segments in the set of encrypted segments and (ii) replacing each identified redundant segment in the set of redundant segments with a segment identifier corresponding to the identified redundant segment.
8. The method of claim 6, wherein the compression operation comprises compressing the set of encrypted segments and the set of encrypted indices in order to generate the optimized encrypted file.
9. The method of claim 1, wherein forwarding the optimized encrypted file to the second site comprises forwarding the optimized encrypted file to a destination-side gateway router that decomposes, decompresses, and reconstructs the encrypted file without decrypting the encrypted file.
10. The method of claim 9, wherein the public cloud is a first public cloud, wherein the destination-side gateway router is deployed to a second public cloud for forwarding the encrypted file to a destination device at the second site after decomposing, decompressing, and reconstructing the encrypted file.
11. The method of claim 10, wherein: the public evaluation key is a public evaluation first key in a plurality of keys generated by the destination device of the data stream at the second site, the plurality of keys further comprises (i) a public encryption second key used by a source device of the data stream at the first site to generate the encrypted file and (ii) a secret decryption third key for use by the destination device to decrypt the encrypted file upon receiving the encrypted file from the destination-side gateway router.
12. The method of claim 1, wherein the set of encrypted indices comprises unique identifiers to categorize the encrypted file.
13. A non-transitory machine readable medium storing a program for execution by a set of processing units, the program for a gateway router deployed to a public cloud to provide WAN (wide area network) optimization for a WAN that connects a first site that sends a data stream to a second site, the program comprising sets of instructions for: receiving (i) a public evaluation key from a destination device of the data stream at the second site and (ii) an encrypted file from the first site to be sent in the data stream to the second site; without decrypting the encrypted file, using the received public evaluation key (i) to compute a set of encrypted indices for the encrypted file, (ii) to derive a set of encrypted segments from the encrypted file, and (iii) to perform a set of WAN optimization operations on the set of encrypted segments to generate an optimized encrypted file; and forwarding the optimized encrypted file in the data stream to the second site.
14. The non-transitory machine readable medium of claim 13, wherein the set of instructions for receiving the encrypted file from the first site comprises a set of instructions for receiving the encrypted file from a source device of the data stream at the first site, wherein the gateway router is a next hop between the source device of the encrypted data stream and the second site.
15. The non-transitory machine readable medium of claim 13, wherein the set of instructions for using the received public evaluation key to derive the set of encrypted segments further comprises a set of instructions for using the computed set of encrypted indices and the public evaluation key to derive the optimized set of encrypted segments.
16. The non-transitory machine readable medium of claim 15, the program further comprising a set of instructions for using the computed set of encrypted indices, the public evaluation key, and the derived set of encrypted segments to compute a set of digests corresponding to the derived set of encrypted segments, wherein the set of digests comprises a set of segment identifiers corresponding to the set of encrypted segments.
17. The non-transitory machine readable medium of claim 13, wherein the set of WAN optimization operations comprises a TRE (traffic redundancy elimination) operation and a compression operation.
18. The non-transitory machine readable medium of claim 17, wherein the TRE operation comprises (i) identifying a set of redundant segments in the set of encrypted segments and (ii) replacing each identified redundant segment in the set of redundant segments with a segment identifier corresponding to the identified redundant segment.
19. The non-transitory machine readable medium of claim 17, wherein the compression operation comprises compressing the set of encrypted segments and the set of encrypted indices in order to generate the optimized encrypted file.
20. The non-transitory machine readable medium of claim 13, wherein the set of encrypted indices comprises unique identifiers to categorize the encrypted file.
June 10, 2025